As much as I’ve held off writing this, I’ve come to the point where I just can’t help myself anymore. So here goes!
As you’ve probably heard, the issue of Java security has again reared it’s ugly head.
As reported by lots of different news sources, and even Homeland Security, hackers found series flaws in Java 7, including the latest fix that Oracle (the maker of Java) had released. The flaw lets bad-guys using two popular hacker tool kits (Blackhole and Nuclear Pack) to setup malicious web sites that when visited, can drop code on your computer letting the hackers take over.
So where we are again, talking about Java and trying to help folks know what to do with it.
My mind hasn’t changed since I last wrote about in an article called Java Security Problems Uncovered. There, I told you about the original security issues and gave you all the choices of what you could do. (You might want to read that article again, since nothing has really changed! CLICK HERE to go to it).
My advice to most of the students that ask, “what should I do”, is to just uninstall Java completely.
If you do happen to run across a program or web site that needs it, and you just HAVE to use that program or web site, you can always, easily, re-install it again. In fact, most programs will not only tell you it’s needed, but then link you over to Oracle where you can pick it up.
And if you’re wondering what programs need Java, the two that I know of and you may have heard of are…
- LibreOffice (a Microsoft Office alternative)
- OpenOffice (another Office alternative)
I did a Google search for more examples of programs that use Java, but guess what? I couldn’t find any! What does that tell you?
As for web sites that use it, they are also becoming less frequent. I personally haven’t visited one site that needs Java in the past 6 months. And if I do find one, it will have to be a pretty darn good site for me to re-install Java so that I can visit it.
So again, my advice is to just get rid of the darn thing if you don’t need it (CLICK HERE to visit my last article on how to do that).
In case you are interested, here are some more articles you can read to learn even more about the Java problem:
- How Big a Security Risk is Java? (from last summer, but has lots of good background information).
- Homeland Security warns to disable Java amid zero-day flaw (from ZDNet)
- Beware of fake Java updates (from CNet)
- Do you need to uninstall Java? (from CNet)
- Oracle’s Java patch contains new holes (from PC World)
- How to disable Java (PC Magazine)
As always, I’d love to hear about your own personal experiences with Java and what you think about this big security mess! You can leave your comments below!
So Open Office needs Java! That may explain the problems I had recently. Do I have to buy MS Office for my laptop after all?
Hi Gunter…
I’m not absolutely sure about this, but I think there’s only one component of Open Office that needs Java… and it’s something related to the database feature. I haven’t check for a while, but it seems that when I once started Open Office and then just clicked through the Java error message, the word processor and spreadsheet continued to work.
Again, I can’t be sure of this.
If you do decide that you just want to purchase MS Office, keep in mind that a new version (2013) is coming out, probably in February. There might be some initial sale prices, which is something that Microsoft often does with new products.
John Lortz
Are Macs affected? If so what needs to be done? Thanks
Hi Carmen…
Yes, Mac’s are also affected since the flaw that hackers take advantage of are part of Java and not the Max OS-X directly.
Here’s a good article that focuses on Mac and Java…
http://www.tuaw.com/2013/01/11/a-reasonable-response-to-java-security-problems/
John Lortz
I use Libre Office all the time because of a spreadsheet… so what do I do about Java now? Go ahead and leave it enabled and HOPE nothing happens? I have Windows 7.
Thanks
Hi Nancy…
You have the one situation (along with using Apache Open Office) where you DO need Java on your computer. But you can still disable it in the browser(s) you use.
Here’s a link to a good article from PC Magazine that talks about that… http://www.pcmag.com/article2/0,2817,2414191,00.asp
Thanks for the post!
John Lortz